The problem

Ok, let’s say you left home this morning for an important meeting and, when you got there, you discovered that you have left the presentation file and the whole USB stick plugged on the PC back home. What do you do?

Normally, you should be in such a hurry or under-slept, so you would remember to take the USB stick with you. But this is not the only situation where you just need to get access to your desktop computer remotely. You may need to take a look at your security cameras because a neighbor called you about weird noises from inside your house. Or you may simply want to close your mail client application because it downloads all the new email, rendering your precious 3G-enabled mobile mailer useless.

What can you do?

Most people would prefer a typical solution for remote access, like the Remote Desktop service on Windows or a VNC server on Linux. Usually, these server applications are configured to start on system boot and stay up, regardless if you need them or not. In the worst case, you may even forget all about them after some time, creating yet another security vulnerability for your system. Ideally, we would prefer the option of turning these servers on and off on demand, but the problem is that you’re not in front of your desktop PC to do so. We have not yet found a way to “wake up” a server that it is not even running, so that you can connect to it and start it.

Well, it seems that a combination of tools and web services can enable just that. I was wondering if it is possible to signal my home computer to start a server on demand, via a telephone (modem) or something, but I ended up in a much different and much more efficient way. TweetMyPC is a simple application for Windows that monitors and responds to tweets at a specified Twitter account. It includes a wide variety of commands, like responding by posting the current IP address of your router or the list of running processes, as well as the option to specify custom commands that execute any program locally. This means that by posting a specific “command” tweet at your Twitter account, TweetMyPC will recognize it and, after a few seconds, the pre-specified program will start automatically at your home PC.

This simple Twitter-based mechanism solves the problem of a reliable “trigger” mechanism for starting and shutting down a server remotely, using a widely available platform that can be accessed via a normal computer, a portable device or even a web-enabled mobile phone. But there is still the problem of a reliable “remote desktop” service that can be controlled that way. Windows’ Remote Desktop service is normally not something that you can switch on and off on demand simply by starting and stopping one program. Furthermore, you may want to use a specific server, a secure connection or even “signal” a program that runs without any other interaction. TweetMyPC could do that, e.g. responding to a tweet-command and start disk defrag, but this may not be enough.

A perfect replacement for Windows’ standard Remote Desktop service is TightVNC, a very lightweight and reliable server that starts on demand (as any user program) and supports RDP connections from both VNC and web clients. The second case is the most interesting one, since it enables someone to access the remote computer’s desktop via any web browser, running the whole VNC client as a Java applet (or a custom plug-in). In practice, a TightVNC server can enable remote desktop access from inside a web browser, no matter if you’re carrying a laptop, PDA, Smartphone or any web-enabled mobile phone, provided that it can run a Java applet.

The only thing missing is configuring all these features to work together smoothly on any platform. Normally, there should be no problem. Various VNC servers are available for all OS platforms, including Windows, Linux, MacOS, FreeBSD, etc. I’m not sure about the availability of TweetMyPC replacements on every OS, but there are Java versions for MacOS and Linux for sure. Twitter API is fairly simple, so an experienced programmer with some free time to kill can create a similar application for virtually any OS.

Installation checklist

The installation might seem a bit complicated to some, so here is a checklist of things to do, in order to setup a remote-server-on-demand:

Create a new dedicated Twitter account for controlling the remote computer: Normally, you wouldn’t want it to be public, so “protect tweets” should be enabled. Also, since this is the entry point for this whole service, it should use a string password and a not-so-obvious account name (like “myhomepc”).

Download, install and configure TweetMyPC for this account. Make sure you start it on system boot or before you leave home. Remember, this is the “trigger” mechanism, it cannot be started remotely!

Access your router’s control panel and configure a new (custom) network service for the VNC server. Make sure you define a custom set of ports, replacing the default 5800 and 5900 ports, as an additional security measure. Think of if as a PIN number for accessing your VNC server remotely. Also, make sure you actually open these ports on both the router and your software firewall/antivirus, otherwise you will never get access.

Usually, a ADSL modem/router is assigned a dynamic IP address by the ISP, making it a bit tricky to find out where to talk to when you are away. TweetMyPC recognizes the “ip” tweet-command, responding with your router’s current public IP. However, there is a much simpler way: DynDns.org offers a free DNS forwarding service that gives a “name” to your volatile IP address. Most modem/routers have a built-in support for DynDns.org services and can be configured to continuously update your account, so in this way you can always access your home network at the same “hostname” entry point.

Download, install and configure TightVNC or any other similar VNC server on your local computer. As always, use a strong password for incoming connections and set up the two custom ports, one for normal RDP clients and one for HTTP access. Make sure the server doesn’t need any special adjustments or command-line options every time it starts, otherwise TweetMyPC configuration might become tricky.

In TweetMyPC, define a custom command for starting the VNC server. You just select a name for it and the path to the executable program. As a security measure, use a not-so-obvious command name, like “vncstart”, but rather include a PIN code with it, for example “vncstart12345”. TweetMyPC recognizes it just as easily and your tweet-commands are more secure this way.

You’re almost done. Check your laptop or portable device for accessibility by starting up the VNC server and trying to connect to it. Remember to use your DynDns.org “hostname” or your router’s public IP (current), so that you will connect to it externally and not by your local network. Use a RDP client (anyone will do) or connect to it via a web browser. In the second case, you might be prompted to update your Java runtime plug-in, so that the applet runs properly. When you enter the correct password, you should be able to see your remote computer’s desktop.

Wrapping up and switching on

If you do all these properly, it shouldn’t take more than ten minutes to complete the setup. Whenever you want to use your computer remotely, the typical process is as follows:

Make sure you start TweetMyPC on system boot or before you leave home. Remember, this is the “trigger” mechanism, it cannot be started remotely!

When you want to connect, login to your control Twitter account and post “ip”. TweetMyPC will respond shortly, saying what your router’s current IP is. Alternatively, you can always use your DynDns.org “hostname” entry if you have set up your router to it.

From your control Twitter account, post “vncstart12345” command (or whatever you named it). TweetMyPC will start the VNC server and in a few seconds you will be able to connect.

Use your web browser and connect to the VNC server at the HTTP port or any VNC client at the RDP port. On successful login, you should be able to see your remote computer’s desktop.

Do your work remotely, check emails, run defrag, etc.

When you’re done, just go to the VNC server and shut it down

Security considerations

This seems like a nice and simple service, having the option to run remote access on demand. Compared to an always-on remote desktop service, this setup is by far more secure. But it is not 100% secure, it never is.

The first and most important consideration is your control Twitter account. This should be kept private, as much as possible. Not following anyone, not anyone following it. The account name should not be an obvious one and the password should be strong. On the host computer, never leave TweetMyPC on without a reason. Remember, this is the “trigger” mechanism and the entry point to your host computer.

For the VNC server, again, use a strong logon password and change the default ports. Do not leave it running unattended and without a reason. That’s the whole point for not using an always-on Remote Desktop service in the first place. When you’re done, be sure to shut it down. You can always start in again via TweetMyPC.

If you have a specific work schedule, your router and/or software firewall can be set to keep the two VNC ports open only between a specific time frame, e.g. between 9am and 5pm. This way, even if you leave TweetMyPC and VNC server open, no one can access your local network any other time.

Unfortunately, compatibility and lightweight deployment mandates the use of unsecure RDP and HTTP for VNC connections. That is, once you connect, the traffic is not encrypted by default. This can be solved by using “secure” versions of the programs on both ends, i.e., a secure VNC server and a secure RDP client and/or HTTP/applet combination. A simpler way would be to connect through a VPN connection, if you can setup one between your host computer and whatever mobile device you are using. However, complete privacy is a bit more difficult to ensure in practice, since you wouldn’t want someone to peek over your shoulder when you access company files remotely from an Internet café.

Conclusion

It seems that web 2.0 is becoming much more than a social thing. It can also be used a public “bulletin board”, accessed through various means and devices, making it a perfect “triggering” platform for web-enabled applications. Likewise, VNC is now becoming a standard practice for home and small-scale remote accessing, something like a mini-cloud architecture, for individual users for their own private needs. A combination of all these technologies can build up into a seamless service that can be characterized as a true “remote office on demand via web 2.0” – definitely science fiction for those who have witnessed the birth of World Wide Web, only two decades ago.